Education, Exercises and Information Security - Information Management Today

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Security Affairs

FEBRUARY 24, 2023

Defence Cyber Marvel 2 (DCM2) is the largest Western Europe-led cyber exercise that took place in Tallinn with 34 teams from 11 countries. This year, 750 cyber specialists have participated in the military cyberwarfare exercise. ” reads the press release published by the UK Ministry of Defence. .

Military

Military Education Government IT

White hat hackers showed how to take over a European Space Agency satellite

Security Affairs

APRIL 30, 2023

Credit: ESA – European Space Agency The offensive cybersecurity team at Thales demonstrated how to take control of the ESA satellite, the is considered the world’s first ethical satellite hacking exercise. The exercise aims at assessing the resilience of satellites to cyber attacks. According to classified U.S.

Cybersecurity

Cybersecurity Military Access Education

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Hunton Privacy

MARCH 15, 2024

Notice Requirements Require the business to provide information to consumers about how the business proposes to use the ADMT, to enable them to decide whether to opt-out or proceed, and whether to exercise their access right. Recognize an exception from access requests for using ADMT solely for training purposes.

Risk

Risk Artificial Intelligence Compliance Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Hunton Privacy

JULY 5, 2022

Under the Cyber Workforce Program Act, the Office of Personal Management (“OPM”) must create a rotational work force development program across federal agencies, including the development of relevant procedures, prerequisites for participation, performance measures and requirements with respect to training, education and career development.

Cybersecurity

Cybersecurity Government Education Communications

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Why should employers educate employees about cyber security? Use 2FA authentication for better protection.

Ransomware

Ransomware Phishing Passwords Education

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Alloy Taurus APT group targeted South Africa because in February 2023, the African state joined Russia and China to participate in combined naval exercises. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Communications

Communications Military Government Libraries

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Affairs

NOVEMBER 29, 2022

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. It is important when developing and implementing these programs to be aware of what methods of education work best. Team Exercises. In service of that end, gamification is a highly effective tactic.

Cybersecurity

Cybersecurity Data breaches Education Phishing

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

The SEABORGIUM group primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education. The group also targets former intelligence officials, experts in Russian affairs, and Russian citizens abroad.

Phishing

Phishing Education Authentication Passwords

What is a phishing simulation?

IBM Big Data Hub

AUGUST 9, 2023

A phishing simulation is a cybersecurity exercise that tests an organization’s ability to recognize and respond to a phishing attack. Because even the best email gateways and security tools can’t protect organizations from every phishing campaign, organizations increasingly turn to phishing simulations.

Phishing

Phishing Security awareness Analytics Cybersecurity

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

AUGUST 18, 2021

It’s first directory, Chris Krebs, was fired by then-president Tump for saying that the 2020 election was the most secure election in history. Easterly first cleared up one of the biggest challenges facing information security today-- how to pronounce “CISA. exercise these whole nation attack plans to prepare.

Cybersecurity

Cybersecurity Mining Military Education

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

Among the organizations that have designated a DPO, the most represented sectors are, unsurprisingly, the public administration, education and health sectors. Provide information and advice. the detail of the CNIL online DPO designation form and information to be communicated to the CNIL in that respect.

GDPR

GDPR Compliance Personal data Communications

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

These projects include tools, training programs, and a red team platform for exercising various types of offensive cyber operations, including cyber espionage, IO, and operational technology (OT) attacks.” ” reads the report published by Mandiant.

Energy and Utilities

Energy and Utilities Education Ransomware IT

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment).

Privacy

Privacy Insurance Marketing Information governance

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. However, employees who fell for the spear-phishing campaign are the ones you need to observe and invest your security training into.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

Less than two months to go until DSP Toolkit submission deadline

IT Governance

FEBRUARY 19, 2019

Staff awareness has been added as a requirement of the DSP Toolkit to tackle the risks that poor education around data handling poses to healthcare organisations. IT Governance Publishing’s (ITGP) DSP Toolkit Documentation Templates have been created by information security experts within the healthcare sector. Staff awareness.

GDPR

GDPR Compliance Government Information Security

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

Security Affairs

APRIL 28, 2023

OpenAI explained that it had expanded the information to European users and non-users, that it had amended and clarified several mechanisms and deployed amenable solutions to enable users and non-users to exercise their rights.” For information about how we develop and train ChatGPT, please see this help center article.”

Personal data

Personal data Privacy Access Education

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

APRIL 4, 2023

The voices of third sector representatives (NGOs, foundations, and educational institutions) are considered by government officials when justifying policy positions and determining how resources and political capital are spent. Education about cybersecurity needs to start early," Karabin says. The genie's out of the box.

Phishing

Phishing Security awareness Cybersecurity Education

China Issues Draft of Personal Information Protection Law

Hunton Privacy

OCTOBER 27, 2020

The definition includes information that can identify data subjects as well as information that is related to the data subjects. Departments Exercising Personal Information Protection. The data processor shall establish the mechanism for the data subject to exercise his or her rights. Obligations of Data Processor.

Cybersecurity

Cybersecurity Data breaches Personal data Government

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

for past events and the template of information required for those follow-up reports. In an ideal world, a team should also have the time to perform drills or tabletop exercises to simulate an event and practice the reporting process. Practice can reveal overlooked information or expose unrealistic requirements.

Cybersecurity

Cybersecurity Compliance Risk Communications

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. These rights enable individuals to access the personal data organisations store on them and to challenge the way their information is used. Make sure people know they’re being recorded.

GDPR

GDPR Privacy Retail Personal data

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

Hunton Privacy

OCTOBER 18, 2016

Data driven companies must research and develop new approaches to transparency that explain the value exchange between customers and companies and the companies’ data practices, and create tools that enable their customers to exercise effective engagement and control. The importance of empowering individuals.

Paper

Paper Education Privacy Personal data

5 learnings from the “Meeting the CCPA Challenge” webinar

Collibra

MARCH 12, 2020

Businesses cannot discriminate against a consumer for exercising their rights. Consumers must submit a VCR to exercise their rights and business must respond within 45 days. Chief Information Security Officer (CISO) to manage access to data and technical aspects of the program. Right to equal service. Notice to consumer.

Data Privacy

Data Privacy Privacy Government Compliance

Hackers exploit coronavirus fears as cyber attacks soar

IT Governance

MARCH 17, 2020

Although exercising caution is never a bad idea, it’s important to note that these are unprecedented times and there will be unusual but legitimate requests. Remote working is an information security risk at the best of times – albeit one that can be managed through effective planning. Expect disruption and chaos.

Phishing

Phishing Risk Communications Government

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

Examination of municipal advisors will focus on whether they have met their fiduciary duty and conflict disclosure obligations to municipal entity clients, as well as registration, professional qualification, continuing education, and supervision requirements. Transfer Agents.

Retail

Retail Compliance Sales Risk

Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

JULY 27, 2018

When training professionals how to reverse-engineer malware , I’ve gone through lots of malicious programs for the purpose of educational examples. As malware evolves, so do our analysis approaches, and so do the exercises we use in the FOR610 malware analysis course.

Education

Education IT Information Security Security

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Keeping our identity and data safe needs to be a top priority, and we should educate ourselves on the best practices for doing so. From a finance sector perspective, the chief information security officer (CISO) bears much responsibility, but Forester’s has a suggestion for CISOs, “Stop trying so hard.”

IT

IT Security Digital transformation Compliance

What Should Be The Core Competencies For Cybersecurity For C-Suite

Cyber Info Veritas

JULY 18, 2018

Most IT specialists, board directors, and C-suite executives aren’t too familiar with matters to do with information security. It’s this lack of adequate information that brings about evasion or irresolution when it comes to cybersecurity, and in a more serious scenario, a resigned acknowledgment that cyber attacks are inevitable.

Cybersecurity

Cybersecurity Ransomware Information Security Risk

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

Educate employees. Many security programs focus on employee education (creating a strong password, being aware of phishing, etc.). military exercise their plans often – it builds human muscle memory and increases comfort and resiliency in the people working through these crises.

Passwords

Passwords Cybersecurity Education Phishing

FTC Releases Report on Internet of Things

Hunton Privacy

JANUARY 28, 2015

notice and choice – companies should only be required to notify consumers and offer them a choice for uses of their information that are inconsistent with consumer expectations; companies can obviate notice and choice issues by de-identifying data because there is no need to offer consumers choices regarding data that cannot be traced to them.

Privacy

Privacy Risk Data collection Education

Live from Mexico City: Opening Session Highlights the Potential and Challenges of Big Data

Hunton Privacy

NOVEMBER 2, 2011

and “How do education, prevention and punishment work in this emerging environment?”. Their remarks pointed to the need to focus more on use and accountability and less on consent when consent is impractical, and reflected an interest in evaluating the systemic risks posed by Big Data.

Big data

Big data Privacy Marketing Data collection

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

At present, these include data users in the communications, banking and finance, insurance, health care, tourism and hospitality, transportation, education, direct sales, services, real estate and utilities sectors. The law allows the Minister to designate classes of data users who must register their data processing activities.

Personal data

Personal data Marketing Communications Insurance

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Businesses must provide conspicuous links entitled “Limit the Use of My Sensitive Personal Information,” in the same manner Do Not Sell links are currently required, to facilitate consumers’ ability to exercise their rights with respect to sensitive personal information.

Privacy

Privacy B2B Sales Data breaches

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

Once you know where the data is, how it got there, and its worth (and risk) to your organization, take the time to create a catalog so that your investment in these exercises can immediately generate value for those who need the data to do their job. You almost certainly need a chief information security officer (CISO).

Encryption

Encryption Cloud Privacy GDPR

What’s It Like to Join a Startup’s Executive Team?

Lenny Zeltser

JUNE 7, 2017

Engaging in this exercise forces you to ask tough questions about yourself. You’re not only interacting with prospective customers directly, but are also working with industry analysts and other influences, educating them about your existence and value proposition, and soliciting feedback regarding the vision for your product.

IT

IT Marketing Sales Communications

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security. But these were far from the only notable cyber security headlines of the year. Source: Security Affairs.

Security

Security Data breaches Ransomware Military

FTC Consumer Protection Head Shares New Vision for Consumer Privacy

Hunton Privacy

SEPTEMBER 30, 2010

He stressed the importance of practicing good data hygiene from the beginning, with a focus on information security and data minimization. Consumer and business education. The FTC will continue to explore the most appropriate means for consumers to exercise their preferences. Increased transparency.

Privacy

Privacy Data collection Data breaches Access

Intro to phishing: simulating attacks to build resiliency

Security Affairs

APRIL 21, 2023

This article will provide some insights into current phishing methods cyber-criminals leverage to exploit human behavior, performance metrics useful for measuring organizational resiliency to phishing, and examples of free tools that can be leveraged to conduct internal simulated phishing exercises.

Phishing

Phishing Security awareness Passwords Education

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

When I look at my resume, like it's pretty strong, you know, both in terms of my education. I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security. Vamosi: So what am I missing here.

Cybersecurity

Cybersecurity Information Security IT Security

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

When I look at my resume, like it's pretty strong, you know, both in terms of my education. I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security. Vamosi: So what am I missing here.

Cybersecurity

Cybersecurity Information Security IT Security

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. Having one or more of the following can significantly help with this: An ISO 27001 ISMS (information security management system).

Data Privacy

Data Privacy Privacy GDPR IT

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Penetration testing : Tests security controls to verify correct implementation, detect vulnerabilities, and confirm adequate security controls for risk reduction goals. Cybersecurity training : Educates employees regarding basic best practices to recognize attacks, avoid scams, and protect against breaches or data loss.

Security

Security Cloud Cybersecurity Risk

What Is a SaaS Security Checklist? Tips & Free Template

eSecurity Planet

APRIL 9, 2024

ISO 27000 is a standard for information security and SOC is for maintaining consumer data integrity and security across several dimensions. Is your firm in compliance with the Payment Card Industry Data Security Standard (PCI DSS) to protect cardholder data during transactions?

Security

Security Compliance Cybersecurity Communications

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

NOVEMBER 28, 2018

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros. Healtcare company Spectrum Health is a consortium member, and its director of information security, Jim Kuiphof, serves as an advisor to Tuttle.

Cybersecurity

Cybersecurity Systems administration Military Manufacturing

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

KnowBe4

JULY 5, 2023

Yes, we have started with training and recently conducted a phishing exercise, we are currently doing a POC test with a few users regarding the PAB functionality. Zimperium has the story: [link] What KnowBe4 Customers Say "Hi Stu, I trust that you are well. Thanks for your email. who has been assisting us above and beyond." - N.S.,

Phishing

Phishing Security awareness Passwords Computer and Electronics

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

White hat hackers showed how to take over a European Space Agency satellite

Webinars

Trending Sources

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Webinars

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Ransomware realities in 2023: one employee mistake can cost a company millions

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Tips for Gamifying Your Cybersecurity Awareness Training Program

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

What is a phishing simulation?

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

France: The CNIL publishes a practical guide on Data Protection Officers

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Ways to Develop a Cybersecurity Training Program for Employees

Less than two months to go until DSP Toolkit submission deadline

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

China Issues Draft of Personal Information Protection Law

New SEC Cybersecurity Rules Could Affect Private Companies Too

Does your use of CCTV comply with the GDPR?

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

5 learnings from the “Meeting the CCPA Challenge” webinar

Hackers exploit coronavirus fears as cyber attacks soar

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Retired Malware Samples: Everything Old is New Again

Security in the finance sector: Whose role is it anyway?

What Should Be The Core Competencies For Cybersecurity For C-Suite

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

FTC Releases Report on Internet of Things

Live from Mexico City: Opening Session Highlights the Potential and Challenges of Big Data

Malaysian Data Protection Law Takes Effect

California Privacy Law Overhaul – Proposition 24 Passes

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

What’s It Like to Join a Startup’s Executive Team?

2022 Cyber Security Review of the Year

FTC Consumer Protection Head Shares New Vision for Consumer Privacy

Intro to phishing: simulating attacks to build resiliency

The Hacker Mind Podcast: Hacking Diversity

The Hacker Mind Podcast: Hacking Diversity

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

Network Security Architecture: Best Practices & Tools

What Is a SaaS Security Checklist? Tips & Free Template

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

Stay Connected